Sr Manager - PCI & Regulatory Compliance


Date: Jan 15, 2019

Location: Las Vegas, Nevada, US

Company: Las Vegas Sands Corp.

Position Overview:

The primary responsibility of the Senior Manager - PCI Compliance is to assist with Information Security initiatives to align with the Client Corporate Security Standards and to assist the Director - PCI Compliance in establishing a compliance program by evaluating security standards and regulatory requirements, assessing business processes, defining scope, developing written narratives and process dataflows, identifying risks and remediation, and documenting and maintaining a standard controls matrix to ensure compliance with the Payment Card Industry Data Security Standard (PCI-DSS) and other regulatory compliance requirements, including but not limited to the Nevada Gaming Control Board’s Minimum Internal Control Standards (MICS), Internal Control Standards (ICS), Anti-Money Laundering (AML), Internal Revenue Service (IRS), Office of Foreign Assets Control (OFAC), Sarbanes-Oxley (SOX) and General Data Protection Regulation (GDPR). All duties are to be performed in accordance with departmental and The Venetian | The Palazzo Casino Resort’s policies, practices, and procedures.

Essential Duties & Responsibilities:

  • Work under the direct guidance of the Finance Department to ensure adoption and compliance with Las Vegas Sands Corporate and The Venetian | The Palazzo Information Technology Security Standards while enabling business success.
  • Periodically perform risk assessments of the applications, systems and business processes to verify compliance with the security standards and prioritize the remediation of gaps based on risk to the organization. Coordinate the remediation of all gaps identified.
  • Assist with facilitation and management of the Las Vegas Sands Corporate and The Venetian | The Palazzo security audits and requests. Complete security compliance questionnaires and provide requested documentation to requesting departments in a timely manner. Coordinate and host customer onsite audits as necessary. Coordinate and manage any remediation efforts.
  • Support cybersecurity application, system and network security vulnerability and penetration tests, and security monitoring and remediation as needed for The Venetian | The Palazzo web site applications and systems. 
  • Provide guidance for new contracts, vendor procurement processes and security projects to ensure security best-practices are implemented and that business unit projects are developed in accordance with PCI-DSS and other regulatory requirements, including compliance with the Las Vegas Sands Corporate and The Venetian | The Palazzo IT Security Standards.
  • Assist with subpoena requests and handling depositions working with internal/external Legal Counsel.
  • Assist with internal and external audit reviews, timely remediation and reporting.

Additional Duties & Responsibilities:

  • Educate business associates regarding daily, monthly, quarterly, semi-annual and annual data security standards and other regulatory requirements.  Ensure processes provide adequate testing & validation.
  • Assess quarterly access reviews to ensure adequate provisioning of new hires, transfers and terminations is performed in accordance with compliance requirements.
  • Coordinate the administration and maintenance of security log systems and ensure logging standards are implemented with new implementations or upgrades to applications.
  • Coordinate with the technology and business areas to ensure they maintain disaster recovery and business continuity plans and procedures for the suite of solutions. Assist with disaster recovery testing efforts for customer-facing web site applications.
  • Meet as scheduled, or as needed, with various departments (e.g., IT, Audit, Legal) to provide updates and information on security issues. Responsible for responding to requests for information to support compliance initiatives.
  • Provide security and compliance expertise by working with technology, the business, and legal teams to process requests and assist with developing secure solutions.
  • Coordinate security projects for The Venetian | The Palazzo products and initiatives. These projects include, but are not limited to: network and application security vulnerability remediation efforts; providing security guidance to IT and the business; ensuring daily operational security risks are resolved; partnering with Legal, IT and the Business to develop business continuity and disaster recovery documentation and participating in the BCP/DR, GDPR and PCI test activities; and providing support for customer security and financial audits, audit findings and timely remediation.
  • Partner with Hotel & Gaming Operations, Finance, Vendor Management, Procurement, Legal, IT, CyberSecurity etc. to assess scope and validate attestation of compliance of new vendors, systems, applications, enhancements and automation; system integration and implementation with applications and devices, and user access testing and provisioning are performed to ensure operational effectiveness and compliance requirements are achieved and maintained.
  • Ensure compliance documentation including company policies, procedures, process dataflows, written narratives, scope documentation, asset inventories and compliance matrix are updated and maintained.
  • Assist with the development, implementation and monitoring of compliance policies, procedures and training programs. Ensure programs are made available to all new hires and team members at least once annually, and consist of multiple means of communications. 
  • Ensure compliance with legal, regulatory and contractual security obligations, and assist with the development and implementation of security process improvements to drive security and risk mitigation efforts.
  • Consistent and regular attendance is an essential function of this job.
  • Performs other related duties as assigned.


Company Standards of Conduct

All Venetian | Palazzo Team Members are expected to conduct and carry themselves in a professional manner at all times. Team Members are required to observe the Company’s standards, work requirements and rules of conduct.

Minimum Qualifications:

  • 21 years of age.
  • Proof of authorization/eligibility to work in the United States.
  • Bachelor’s in Computer Science, Information Systems, Finance, Accounting, Business Administration, Analytics or related discipline preferred or equivalent work experience.
  • CISA, CISM, CISSP or other IT Security / Financial Audit certifications preferred.
  • Must be able to obtain and maintain a Nevada Gaming Control Board registration and any other certification or license, as required by law or policy. 
  • 5 years of experience in Hotel or Gaming Operations, Internal Controls, SOX, Financial Audit, IT Security, Risk, Governance and/or Compliance.
  • Working knowledge of NGCB MICS, PCI-DSS, SOX, AML, GDPR, OFAC and HIPAA compliance requirements.
  • Functional knowledge or experience working with ACSC and LMS preferred.
  • Demonstrated experience working independently with minimum supervision.
  • Strong MS Office skills using Excel, Access, Visio and SharePoint sites.
  • Ability to provide timely work results and remediation.
  • Ability to communicate clearly and effectively in English, both in spoken and written form.
  • Excellent organizational and project management skills, with the ability to assess environments and maintain effective target and project implementation dates.
  • Experience executing and maintaining company policies and procedures.
  • Ability to explain risk, prioritize remediation efforts against other projects and effectively influence teams to focus on successful completion of security projects.
  • Understanding of web-based applications, infrastructure, and architecture.
  • Strong interpersonal skills with the ability to communicate effectively with guests and other Team Members of different backgrounds and levels of experience.
  • Must be able to work varied shifts, including nights, weekends and holidays.

 

Physical Requirements:

Must be able to:

  • Lift or carry 10 pounds, unassisted, in the performance of specific tasks, as assigned.
  • Physically access all areas of the property and drive areas with or without a reasonable accommodation.
  • Maintain composure under pressure and consistently meet deadlines with internal and external customers and contacts.
  • Interact appropriately and effectively with guests, management, other team members, and outside contacts.
  • Walk, stand, stretch, bend and kneel for prolonged periods of time.
  • Work in a fast-paced and busy environment.
  • Work indoors and be exposed to various environmental factors such as, but not limited to, CRT, noise, dust, and cigarette smoke.


Job Segment: Compliance, Regulatory Affairs, Law, Developer, Manager, Legal, Technology, Management
